systeroid — A more powerful alternative to sysctl(8).sysctl(8) is a utility on Unix-like operating systems that is used to read and modify the attributes of the kernel such as its version number, maximum limits, and security settings*. systeroid is "sysctl on steroids". It can do everything that sysctl does and even more. It provides a safer, more performant, and user-friendly CLI/TUI for managing the kernel parameters at runtime.
systeroid is implemented using procfs which is the virtual file system that is typically mapped to a mount point named /proc at boot time. This means checking the value of some kernel parameter requires opening a file in this virtual filesystem, reading its contents, parsing them, and closing the file. In Linux, these dynamically configurable kernel options are available under /proc/sys which contains directories representing the sections of the kernel and readable/writable virtual files. For example, to enable/disable IP forwarding, 1 or 0 could be written in /proc/sys/net/ipv4/ip_forward or systeroid ip_forward=1 command can be used to change the value of the parameter.
Although systeroid does not need the parameter section to be specified explicitly, it is important to know the sections and their areas of impact. Here are the available kernel sections according to the Linux kernel documentation:
| Section | Path | Description |
| ---------- | ------------------- | ------------------------------------------------------------- |
| abi | /proc/sys/abi/ | execution domains & personalities |
| fs | /proc/sys/fs/ | filesystem settings |
| kernel | /proc/sys/kernel/ | global kernel information / miscellaneous settings |
| net | /proc/sys/net/ | networking settings |
| sunrpc | /proc/sys/sunrpc/ | SUN Remote Procedure Call settings |
| user | /proc/sys/user/ | user namespace limits |
| vm | /proc/sys/vm/ | memory management tuning buffer and cache management settings |
| dev | /proc/sys/dev/ | device specific information |
| debug | /proc/sys/debug/ | - |
Table of Contents
Rust (>=1.56.1) (see building from source)libxcb (for clipboard support)linux-documentation (for viewing the documentation)To install the runtime dependencies:
pacman -S libxcb libxkbcommon linux-docsapt-get install libx11-dev libxcb-shape0-dev libxcb-xfixes0-dev libxkbcommon-dev linux-docdnf install libX11-devel kernel-doc
Packaging status
systeroid is available on crates.io:
sh
cargo install systeroid
cargo install systeroid-tui
systeroid can be installed from the community repository using pacman:
sh
pacman -S systeroid
See available releases that are automated by Continuous Deployment workflow.
```sh
git clone https://github.com/orhun/systeroid && cd systeroid/
CARGOTARGETDIR=target cargo build --release ```
Also see requirements.
Docker builds are automated and images are available in the following registries:
The following command can be used to interactively view the documentation of selected parameters:
sh
docker run --rm -it "orhunp/systeroid:${TAG:-latest}" --tui
Docker containers share the host system's kernel and its settings thus access to /proc and /sys are restricted for security. That is why it is not possible (and not recommended) to tweak the kernel parameters within a container. *
Custom Docker images can be built from the Dockerfile:
sh
docker build -t systeroid .
systeroid [options] [variable[=value] ...] --load[=<file>]
-a, --all display all variables (-A,-X)
-T, --tree display the variables in a tree-like format
-J, --json display the variables in JSON format
--deprecated include deprecated variables while listing
-e, --ignore ignore unknown variable errors
-N, --names print only variable names
-n, --values print only variable values
-b, --binary print only variable values without new line
-p, --load read values from file (-f)
-S, --system read values from all system directories
-r, --pattern <expr>
use a regex for matching variable names
-q, --quiet do not print variable after the value is set
-w, --write only enable writing a value to variable
-E, --explain provide a detailed explanation for variable
-D, --docs <path> set the path of the kernel documentation
-P, --no-pager do not pipe output into a pager
-v, --verbose enable verbose logging
--tui show terminal user interface
-c, --config <path> set the path of the configuration file
-h, --help display this help and exit (-d)
-V, --version output version information and exit
Most of the arguments/flags are inherited from sysctl so they have the same functionality.
```sh
systeroid -A
systeroid -T
systeroid -J ```
To disable colors, set the NO_COLOR environment variable.
```sh
systeroid kernel
systeroid vm user ```
```sh
systeroid kernel.hostname
systeroid -n kernel.hostname
systeroid kernel.hostname user.maxusernamespaces ```
```sh
systeroid kernel.domainname="example.com"
systeroid -e kernel.dmesgrestrict=0 vm.paniconoom=1 unknownparam="test"
systeroid -w fs.dir-notify-enable=1 net.mptcp.enabled=1 vm.oomkillallocating_task ```
Parameter values can be set from an INI file.
sysctl.conf:
```ini
kernel.sysrq = 16
kernel.coreusespid = 1
; Enable hard and soft link protection ; (If a line begins with a single '-', any attempts to set the value that fail will be ignored.) -fs.protectedhardlinks = 1 fs.protectedsymlinks = 1 ```
To load it:
sh
systeroid --load sysctl.conf
If no file is given, values are loaded from /etc/sysctl.conf as default:
sh
systeroid --load
Specifying "-" as file name means reading data from standard input:
sh
systeroid --load -
The list of default system directories are the following:
/etc/sysctl.d/run/sysctl.d/usr/local/lib/sysctl.d/usr/lib/sysctl.d/lib/sysctl.d/etc/sysctl.confUse --system flag to load the files with ".conf" extension in these directories:
sh
systeroid --system
```sh
systeroid -r 'net.ipv4.conf.(eth|wlan)0.arp' systeroid -r '^net.ipv6' ```
Example output of combining search with listing:
```sh $ systeroid --names --pattern 'kernel.*_max$' --tree
kernel ├── ngroupsmax ├── pidmax └── schedutilclamp_max ```
systeroid can dump the parameter information from the kernel documentation. This is useful if you don't know what a parameter is used for.
```sh
systeroid --explain oomdumptasks ```
Kernel documentation should be present in one of the following paths for parsing upon first launch:
/usr/share/doc/linux/usr/share/doc/linux-doc/usr/share/doc/linux-docs/usr/share/doc/kernel-doc-*/DocumentationThen the parsed data is cached in $HOME/.cache/systeroid-core and used from there as long as the documentation is not updated. The caching mechanism can be disabled via setting the NO_CACHE environment variable.
This is a design choice due to the fact that different versions of kernels might be installed on different systems so the documentation might be too new or old if systeroid was to be shipped with a fixed set of parameter descriptions bundled in. With the parsing approach, documentation is always kept up-to-date.
However, this means you need to:
pacman -S linux-docsapt-get install linux-docdnf install kernel-doc```sh
systeroid -E user.maxusernamespaces --docs /usr/share/doc/linux ```
To change the default pager (less(1)), you can use the PAGER environment variable. Also, you can simply use --no-pager flag to disable it.
sh
systeroid -E kernel.ctrl-alt-del --no-pager
It is also possible to retrieve information about multiple parameters:
sh
systeroid -E --pattern '.*ipv4.*' --no-pager
systeroid-tui [options]
-t, --tick-rate <ms>
set the tick rate of the terminal [default: 250]
-D, --docs <path> set the path of the kernel documentation
-s, --section <section>
set the section to filter
-q, --query <query> set the query to search
--bg-color <color>
set the background color [default: black]
--fg-color <color>
set the foreground color [default: white]
-n, --no-docs do not show the kernel documentation
--deprecated include deprecated variables while listing
-c, --config <path> set the path of the configuration file
-h, --help display this help and exit
-V, --version output version information and exit
| Key | Action | | ---------------------------------------------------------- | ---------------------------- | | ?, f1 | show help | | up/down, k/j, pgup/pgdown | scroll list | | t/b | scroll to top/bottom | | left/right, h/l | scroll documentation | | tab, ` | next/previous section | | : | command | | /, s | search | | enter | select / set parameter value | | c | copy to clipboard | | r, f5 | refresh | | esc | cancel / exit | | q, ctrl-c/ctrl-d | exit |
Simply run systeroid-tui to launch the terminal user interface. Alternatively, you can use systeroid --tui command (which runs systeroid-tui under the hood if it is found in PATH).
Help menu and key bindings can be shown via pressing ?:
Use up/down keys to scroll the parameter list. Alternatively, use t/b to scroll to the top/bottom.
Use left/right to scroll the parameter documentation.
Press tab or ` to toggle the kernel section for filtering entries in the parameter list.
Order of the sections is all-abi-fs-kernel-net-sunrpc-user-vm.
--section argument can be used to start systeroid-tui with the specified section for filtering.
sh
systeroid-tui --section kernel
Press / and type in your query to search for parameters.
Alternatively, you can start systeroid-tui with a pre-defined search query by using --query argument.
sh
systeroid-tui --query "fs.quota"
Press enter to select a parameter and set its value via command prompt.
You can press r to refresh the values in the parameter list.
Press : to open the command prompt for running a command. Available commands are:
| Command | Description |
| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| :help | Show help |
| :search | Enable search |
| :select | Select the current parameter in the list |
| :set <name> <value> | Set parameter value |
| :scroll [area] [direction] <amount> | Scroll the list or text
- areas: list, docs, section
- directions: up, down, top, bottom, right, left |
| :copy | Copy to clipboard |
| :refresh | Refresh values |
| :quit, :q | Quit |
Press c to show the options menu for copying the name, value, or documentation of the selected parameter.
* systeroid-tui should be built with clipboard feature for enabling the clipboard support.
Use --bg-color and --fg-color arguments to customize the colors of the terminal user interface.
```sh
systeroid-tui --fg-color blue
systeroid-tui --bg-color ffff99 --fg-color 003366 ```
To view the documentation as parameters are being selected on the list, kernel documentation should be parsed as explained in the "Showing information about parameters" section. A specific path for kernel documentation can be given via --docs argument or KERNEL_DOCS environment variable if it is not found in one of the locations that are checked as default.
To disable this feature altogether, use --no-docs flag.
It is possible to specify a value in milliseconds via --tick-rate argument for tweaking the refresh rate of the terminal which might be necessary in some cases where better performance is desired.
sh
systeroid-tui --tick-rate 500
systeroid can be configured with a configuration file that uses the INI format. It can be specified via --config or SYSTEROID_CONFIG environment variable. It can also be placed in one of the following global locations:
$HOME/.config/systeroid/systeroid.conf$HOME/.systeroid/systeroid.conf```sh
systeroid --config config/systeroid.conf
SYSTEROID_CONFIG=config/systeroid.conf systeroid
mkdir -p "$HOME/.config/systeroid" cp config/systeroid.conf "$HOME/.config/systeroid" systeroid ```
See the example systeroid.conf for the configuration options.
systeroid logo was originally painted by Ryan Tippery as a part of the Compositions art collection and it is put together by me using the Filled Spots font. Shout out to Ryan for letting me use his painting for the logo! <3 Kudos!
If you find systeroid and/or other projects on my GitHub profile useful, consider supporting me on GitHub Sponsors or becoming a patron!
See our Contribution Guide and please follow the Code of Conduct in all your interactions with the project.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache 2.0 License, shall be dual licensed as above, without any additional terms or conditions.
Licensed under either of Apache License Version 2.0 or The MIT License at your option.
Copyright © 2022, Orhun Parmaksız